Russian suspected of U.S. election hack arrested in Spain

A Russian arrested in Spain may be involved in the hack of the U.S. presidential election.

A Russian man was arrested in Barcelona over the weekend suspected of involvement in the hack of the U.S. election.

While details are sketchy, a spokesperson for the Russian embassy in Madrid said on Sunday that Pyotr Levashov, a Russian computer programmer, had been arrested. Levashov was in Spain on vacation with his family. The charges are unclear as the embassy spokesperson did not provide further details.

RT, a Russian TV station, according to a Reuters piece, reported that Levashov was detained under a U.S. international arrest warrant and was suspected of involvement in the hacks pertaining to last year's U.S. presidential election.

RT quoted Maria Levashova, the wife of Pyotr Levashov, saying police entered the apartment in Barcelona in which they were staying and kept her under guard for two hours while they questioned her husband. She said that when she later spoke on the phone with her husband, at that point in police custody, he informed her he was told that he was behind a computer virus that was "linked to Trump's election win."

Whether it turns out that Pyotr Levashov is connected with the hack of the U.S. presidential election, he could well be a spam king, well known on Russian underground forums, under the moniker Severa, as moderator of several online spam communities – supplying malware authors with spam networks. Severa is currently designated number seven on a list of the world's Top 10 Worst Spammers, maintained by anti-spam group Spamhaus.

According to security investigator Brian Krebs, in addition to spamming activities, Severa ran several other criminal operations, including getting virus writers and spammers to install phony anti-virus software used for for ransomware attacks and other ploys.

Krebs added that, based on "ample evidence," Severa likely is also the mastermind behind the notorious Waledac spam botnet, which enlisted between 70,000 and 90,000 computers over several years to send out 1.5 billion spam messages per day.

While the Reuters report in early versions of its account – citing reports from Russian TV that associated Levashov with involvement in hacks into the U.S. presidential election – updates to the Reuters report hint that those claims may be unfounded.

“A U.S. Department of Justice official said it was a criminal matter without an apparent national security connection,” the newer version of the Reuters report stated.

However, there is another twist to the story. The New York Timesreported on Sunday that the man known as Severa has been linked with malware used to influence a domestic election in Russia, adding credence to the statement made by Maria Levashova to Russian TV that her husband – or at least malware he distributed – is believed by officials to be involved in the hack of presidential election. So the arrest of Pyotr Levashov this weekend could provide further details to investigators.

Though details are sketchy, many are convinced that Pyotr Levashov is indeed involved in the hack of the U.S. presidential election.

"Absolutely, there wouldn't be an arrest without some level of evidence," Paul Innella, CEO of TDI, a global cybersecurity firm headquartered in Washington D.C., which serves U.S. government agencies and the private sector, told SC Media on Monday.

Showing an evidentiary trail that attributes the attacks to Levashov – or to Russia itself – will be a top priority for U.S. investigators, Innella told SC. "Now that the U.S. Justice Department's criminal division has taken the lead, it means one of two things: Either we know with a good deal of certainty that Levashov is a rogue hacker who allegedly committed a cybercrime, or we suspect he is part of a Russian state-sponsored attack but can't prove it. In the case of the latter, while under interrogation we would hope to extract from Levashov pointed evidence to impugn Russia's involvement."

When asked how the U.S. government might go about providing evidence in this case, Innella said that Levashov might reveal some of his tools, techniques and trails he used to obfuscate his path. "This would provide a more complete picture for investigators to resolutely prove his and maybe Russia's involvement with U.S. election hacking."

Innella believes this is one of many dominoes to fall which, in tandem, will topple Russia's cyber “iron-curtain.” He told SC that he expects the investigation to reveal "an alarming picture of how extensively they are working to infiltrate nation-states to manipulate them in support of Russia's goals."

Other experts are not quite convinced.

"It's a little early to know what, if anything, has been provided as evidence," Mike Buratowski, senior vice president at Fidelis Cybersecurity, told SC Media on Monday. "If in fact he was arrested on a warrant for involvement in the hack of the U.S. presidential election, then we can assume that the U.S. government has provided some evidence and/or an indictment or warrant that the FBI/Spanish authorities would have relied on to make the arrest."

Other than the assertion that the FBI and Spanish authorities made this joint arrest, Buratowski said we don't know what country or legal authority the arrest was made under.

The next step would be to get through extradition, he added. "If he was arrested on a U.S. warrant or indictment, the U.S. will push to try him in the U.S. In order to accomplish the extradition, the U.S. will have to provide substantial evidence to get a Spanish court to approve transferring this person to the United States."

It is too early to state this person was involved in the hack associated with the presidential election, Buratowski said, but from a broader perspective, it is not unusual to have someone develop malware or an exploit for another person/agency to use.

"In fact there is a substantial “malware as a service” economy in existence today," he told SC. He said he believed it is important to note as well, that in communist countries, there isn't as clear of a line on when a person is employed by the government. "Just because he may or may not be receiving a paycheck from the government does not mean his actions were not being directed by the government," Buratowski said. "It is completely feasible that he was targeted for his spam operation or other 'illicit' activity by Russia, and then told he needs to develop a piece of malware for the government's use or else he will face prosecution for his spam/'illicit' activity."

Russia has been formally accused by the U.S. government of interference in the election process to help with the campaign of Republican candidate Donald Trump – specifically, hacking emails of Democratic party officials. Ties between Russia and Trump are also under investigation by the U.S. Congress.

All accusations of interference in the U.S. election process have been denied by Russian officials, including President Vladimir Putin.

Get SC Media delivered to your inbox

Whitepaper of the Day

Newswire

Buzz

I would like to receive relevant information via email from Haymarket Media.

SC Media arms cybersecurity professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.